Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2020/09/04 12:0 p.m.•15 views

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake is called after original data had been dropped. The flaw was corrected by adding 'static lifetime bound to the data waker takes...

7.8CVSS3.6AI score0.00493EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/09/03 12:0 p.m.•25 views

Obstack generates unaligned references

Obstack generates unaligned references for types that require a large alignment...

7.5CVSS2.3AI score0.0116EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/09/03 12:0 p.m.•19 views

Memory safety issues in `compact::Vec`

compact::Vec contains multiple memory safety issues. 1. It mishandles large capacity and causes out-of-bound access in 32-bit / allocator layout mismatch in 64-bit. 2. remove is not panic-safe and causes double-free when an index larger than the length is provided...

7.5CVSS3.1AI score0.0139EPSS
Exploits1
RustSec
RustSec
•added 2020/09/03 12:0 p.m.•24 views

`index()` allows out-of-bound read and `remove()` has off-by-one error

Slab::index does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop...

9.1CVSS3.3AI score0.0151EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/08/31 12:0 p.m.•27 views

Misbehaving `HandleLike` implementation can lead to memory safety violation

Unsafe code in ObjectPool has time-of-check to time-of-use TOCTOU bug that can eventually lead to a memory safety violation. ObjectPool and HandlePool implicitly assumes that HandleLike trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since...

8.1CVSS1.5AI score0.0087EPSS
Exploits0
RustSec
RustSec
•added 2020/08/27 12:0 p.m.•15 views

`cell-project` used incorrect variance when projecting through `&Cell<T>`

Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...

1.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/08/25 12:0 p.m.•20 views

Chunk API does not respect align requirement

Chunk API does not respect the align requirement of types. Unaligned reference can be created with the API, which is an undefined behavior...

7.5CVSS1.8AI score0.00915EPSS
Exploits0
RustSec
RustSec
•added 2020/08/25 12:0 p.m.•22 views

Matrix::new() drops uninitialized memory

Matrix::new internally calls Matrix::fillwith which uses ptr = value pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct...

9.8CVSS2.8AI score0.0123EPSS
Exploits0
RustSec
RustSec
•added 2020/08/25 12:0 p.m.•20 views

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

arr crate contains multiple security issues. Specifically, 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary. 2. Index and IndexMut implementation does not check the array bound. 3. Array::newfromtemplate drops uninitialized memo...

9.8CVSS3.6AI score0.01515EPSS
Exploits0
RustSec
RustSec
•added 2020/08/20 12:0 p.m.•24 views

StrcCtx deallocates a memory region that it doesn't own

StrcCtx deallocate a memory region that it doesn't own when StrcCtx is created without using StrcCtx::new. This can introduce memory safety issues such as double-free and use-after-free to client programs...

9.8CVSS2.9AI score0.01515EPSS
Exploits0
RustSec
RustSec
•added 2020/08/18 12:0 p.m.•23 views

Missing sanitization in mozwire allows local file overwrite of files ending in .conf

The client software downloaded a list of servers from mozilla's servers and created local files named after the hostname field in the json document. No verification of the content of the string was made, and it could therefore have included '../' leading to path traversal. This allows an attacker...

9.1CVSS3AI score0.01507EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/07/14 12:0 p.m.•15 views

mach is unmaintained

Last release was almost 4 years ago. Maintainers seem to be completely unreachable. Possible Alternatives These may or may not be suitable alternatives and have not been vetted in any way; - mach2 - direct fork...

3.5AI score
Exploits0
RustSec
RustSec
•added 2020/07/09 12:0 p.m.•20 views

Improper uniqueness verification of signature threshold

The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...

9.8CVSS1.5AI score0.00979EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/07/04 12:0 p.m.•11 views

mozjpeg DecompressScanlines::read_scanlines is Unsound

This issue and vector is similar to RUSTSEC-2020-0029 of rgb crate which mozjpeg depends on. Affected versions of mozjpeg crate allow creating instances of any type T from bytes, and do not correctly constrain T to the types for which it is safe to do so. Examples of safety violation possible for...

3.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/07/04 12:0 p.m.•25 views

Ozone contains several memory safety issues

Ozone contains several memory safety issues including out-of-bound access and dropping of uninitialized memory...

3.1AI score
Exploits0
RustSec
RustSec
•added 2020/06/26 12:0 p.m.•23 views

Undefined Behavior in bounded channel

The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...

9.8CVSS2AI score0.02776EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/06/23 12:0 p.m.•19 views

linked-hash-map creates uninitialized NonNull pointer

Affected versions of this crate called mem::uninitialized to create a NonNull, which is undefined behavior. The flaw was corrected by avoiding the use of mem::uninitialized...

9.8CVSS3.5AI score0.01777EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/06/19 12:0 p.m.•17 views

`pnet_packet` buffer overrun in `set_payload` setters

As indicated by this issue, a buffer overrun is possible in the setpayload setter of the various mutable "Packet" struct setters. The offending setpayload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...

4.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/06/16 12:0 p.m.•25 views

HTTP Request smuggling through malformed Transfer Encoding headers

HTTP pipelining issues and request smuggling attacks are possible due to incorrect Transfer encoding header parsing. It is possible conduct HTTP request smuggling attacks CL:TE/TE:TE by sending invalid Transfer Encoding headers. By manipulating the HTTP response the attacker could poison a...

6.5CVSS1.3AI score0.01065EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/06/14 12:0 p.m.•20 views

Allows viewing and modifying arbitrary structs as bytes

Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...

9.1CVSS4.2AI score0.01595EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/06/02 12:0 p.m.•19 views

Improper Synchronization and Race Condition in vm-memory

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service loss of IP networking because readobj and writeobj do not properly access memory. This affects aarch64 with musl or glibc and x8664 with musl...

7.5CVSS5.7AI score0.01599EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/06/01 12:0 p.m.•20 views

traitobject assumes the layout of fat pointers

This crate gets the data pointer from fat pointers assuming that the first element in a fat pointer is the data pointer. This is currently true, but it may change in a future Rust version, leading to memory corruption. This has been fixed in the master branch of the crate, but is has not been...

9.8CVSS3.7AI score0.0171EPSS
Exploits1
RustSec
RustSec
•added 2020/05/31 12:0 p.m.•21 views

Double free when calling `sys_info::disk_info` from multiple threads

Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent...

9.8CVSS1.8AI score0.0123EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/05/28 12:0 p.m.•21 views

Use after free in ArcIntern::drop

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory. This was fixed by serializing access to an interned object while it is being deallocated. Versions prior to 0.3.12 used stronger locking which...

8.1CVSS5.1AI score0.00957EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/05/27 12:0 p.m.•206 views

`LocalRequest::clone` creates multiple mutable references to the same object

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time...

8.1CVSS4.1AI score0.00957EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/05/26 12:0 p.m.•18 views

crate has been renamed to `block-cipher`

This crate has been renamed from block-cipher-trait to block-cipher. The new repository location is at:...

7.1AI score
Exploits0
RustSec
RustSec
•added 2020/05/19 12:0 p.m.•19 views

tokio-rustls reads may cause excessive memory usage

tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...

7.5CVSS2.2AI score0.01336EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/05/11 12:0 p.m.•22 views

rio allows a use-after-free buffer access when a future is leaked

When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion. Leaking the struct will allow one to access and/or drop the buffer, which can lead to a...

9.8CVSS3.1AI score0.01541EPSS
Exploits0
RustSec
RustSec
•added 2020/05/07 12:0 p.m.•8 views

`array!` macro is unsound in presence of traits that implement methods it calls internally

Affected versions of this crate called some methods using auto-ref. The affected code looked like this. rust let mut arr = $crate::core::mem::MaybeUninit::uninit; let mut vec = $crate::ArrayVec::::newarr.asmutptr as mut T; In this case, the problem is that asmutptr is a method of &mut MaybeUninit...

0.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/05/07 12:0 p.m.•21 views

bigint is unmaintained, use uint instead

The bigint crate is not maintained any more and contains several known bugs including a soundness bug; use uint instead...

9.8CVSS2AI score0.01515EPSS
Exploits0
RustSec
RustSec
•added 2020/05/04 12:0 p.m.•17 views

stdweb is unmaintained

The author of the stdweb crate is unresponsive. Maintained alternatives: - wasm-bindgen - js-sys - web-sys...

2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/05/03 12:0 p.m.•27 views

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

5.5CVSS2AI score0.00399EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/05/02 12:0 p.m.•26 views

failure is officially deprecated/unmaintained

The failure crate is officially end-of-life: it has been marked as deprecated by the former maintainer, who has announced that there will be no updates or maintenance work on it going forward. The following are some suggested actively developed alternatives to switch to: - anyhow - eyre - fehler ...

2.7AI score
Exploits0
RustSec
RustSec
•added 2020/05/01 12:0 p.m.•21 views

`net2` crate has been deprecated; use `socket2` instead

The net2 crate has been deprecated and users are encouraged to considered socket2 instead...

2.3AI score
Exploits0
RustSec
RustSec
•added 2020/04/25 12:0 p.m.•45 views

Crash causing Denial of Service attack

Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

7.5CVSS2.7AI score0.53336EPSS
Exploits2Affected Software1
RustSec
RustSec
•added 2020/04/24 12:0 p.m.•17 views

fake-static allows converting any reference into a `'static` reference

fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

1.8AI score
Exploits0
RustSec
RustSec
•added 2020/04/24 12:0 p.m.•26 views

Relies on undefined behavior of `char::from_u32_unchecked`

The Windows implementation of this crate relied on the behavior of std::char::fromu32unchecked when its safety clause is violated. Even though this worked with Rust versions up to 1.42 at least, that behavior could change with any new Rust version, possibly leading a security issue. The flaw was...

7.5CVSS3.5AI score0.01336EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/04/23 12:0 p.m.•19 views

Library exclusively intended to obfuscate code.

This crate allows you to write safe functions with unsafe bodies without the unsafe keyword. The value this adds is questionable, and hides unsafe usages from naive analysis...

2.1AI score
Exploits0
RustSec
RustSec
•added 2020/04/23 12:0 p.m.•20 views

Various memory safety issues

Several memory safety issues have been uncovered in an audit of rusqlite. See https://github.com/rusqlite/rusqlite/releases/tag/0.23.0 for a complete list...

9.8CVSS1.5AI score0.0173EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/04/18 12:0 p.m.•14 views

`stb_truetype` crate has been deprecated; use `ttf-parser` instead

This crate was maintained for use in rusttype which has switched to use ttf-parser...

0.8AI score
Exploits0
RustSec
RustSec
•added 2020/04/11 12:0 p.m.•35 views

`read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks

The readscalar and readscalarat functions are unsound because they allow transmuting values without unsafe blocks. The following example shows how to create a dangling reference: fn main deriveCopy, Clone, PartialEq, Debug struct S&'static str; impl flatbuffers::EndianScalar for S fn...

7.5CVSS4.1AI score0.00583EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/04/09 12:0 p.m.•23 views

arr! macro erases lifetimes

Affected versions of this crate allowed unsoundly extending lifetimes using arr! macro. This may result in a variety of memory corruption scenarios, most likely use-after-free...

7.5CVSS4.6AI score0.01233EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/03/27 12:0 p.m.•20 views

use-after or double free of allocated memory

Conversion of BitVec to BitBox did not account for allocation movement. The flaw was corrected by using the address after resizing, rather than the original base address...

9.8CVSS3.5AI score0.01629EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/03/24 12:0 p.m.•28 views

Flaw in `realloc` allows reading unknown memory

When reallocing, if we allocate new space, we need to copy the old allocation's bytes into the new space. There are oldsize number of bytes in the old allocation, but we were accidentally copying newsize number of bytes, which could lead to copying bytes into the realloc'd space from past the chu...

7.5CVSS0.9AI score0.0149EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/03/19 12:0 p.m.•22 views

CBox API allows to de-reference raw pointers without `unsafe` code

CBox and CSemiBox are part of the public API of the cbox crate and they allow to create smart pointers from raw pointers and de-reference them without the need of unsafe code...

9.8CVSS3.8AI score0.01629EPSS
Exploits1
RustSec
RustSec
•added 2020/03/19 12:0 p.m.•27 views

Flaw in hyper allows request smuggling by sending a body in GET requests

Vulnerable versions of hyper allow GET requests to have bodies, even if there is no Transfer-Encoding or Content-Length header. As per the HTTP 1.1 specification, such requests do not have bodies, so the body will be interpreted as a separate HTTP request. This allows an attacker who can control...

9.8CVSS2.2AI score0.02797EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/02/28 12:0 p.m.•22 views

tiberius is unmaintained

The author of tiberius has archived the GitHub repository and left the following note: I do not have the time to overhaul the library and do not intend to further maintain the 0.3 version relying on the old futures ecosystem. Suggested alternatives are: - odbc - sqlx forthcoming...

3.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/02/11 12:0 p.m.•26 views

Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect

The affected version of rulinalg has incorrect lifetime boundary definitions for RowMut::rawslice and RowMut::rawslicemut. They do not conform with Rust's borrowing rule and allows the user to create multiple mutable references to the same location. This may result in unexpected calculation resul...

9.8CVSS3.5AI score0.01648EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/02/11 12:0 p.m.•14 views

rulinalg is unmaintained, use nalgebra instead

The rulinalg crate is no longer maintained, use nalgebra instead...

1.5AI score
Exploits0
RustSec
RustSec
•added 2020/02/10 12:0 p.m.•17 views

lzw is unmaintained

The author of the lzw crate is unresponsive. Maintained alternatives: - weezl...

2.1AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141